CVE-2014-9756

The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
VendorProductVersion
libsndfile_projectlibsndfile
𝑥
< 1.0.26
canonicalubuntu_linux
12.04
canonicalubuntu_linux
14.04
canonicalubuntu_linux
15.04
canonicalubuntu_linux
15.10
opensuseleap
42.1
opensuseopensuse
13.1
opensuseopensuse
13.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libsndfile
bullseye
1.0.31-2
fixed
bookworm
1.2.0-1
fixed
sid
1.2.2-1
fixed
trixie
1.2.2-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libsndfile
wily
Fixed 1.0.25-9.1ubuntu0.15.10.1
released
vivid
Fixed 1.0.25-9.1ubuntu0.15.04.1
released
trusty
Fixed 1.0.25-7ubuntu2.1
released
precise
Fixed 1.0.25-4ubuntu0.1
released
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-updates/2015-11/msg00077.html
http://lists.opensuse.org/opensuse-updates/2015-11/msg00145.html
http://www.openwall.com/lists/oss-security/2014/12/24/3
http://www.openwall.com/lists/oss-security/2015/11/03/9
http://www.ubuntu.com/usn/USN-2832-1
https://github.com/erikd/libsndfile/commit/725c7dbb95bfaf8b4bb7b04820e3a00cceea9ce6
https://github.com/erikd/libsndfile/issues/92
http://lists.opensuse.org/opensuse-updates/2015-11/msg00077.html
http://lists.opensuse.org/opensuse-updates/2015-11/msg00145.html
http://www.openwall.com/lists/oss-security/2014/12/24/3
http://www.openwall.com/lists/oss-security/2015/11/03/9
http://www.ubuntu.com/usn/USN-2832-1
https://github.com/erikd/libsndfile/commit/725c7dbb95bfaf8b4bb7b04820e3a00cceea9ce6
https://github.com/erikd/libsndfile/issues/92